Security Best Practices for Canadian Law Offices

Data Security

Guest Author: Kayla Kneisel, Marketing Specialist, DoProcess

Cloud-based technology and services have entered the mainstream and are here to stay. Cloud apps have become a regular part of our daily lives, and their underlying technologies have matured to the point where they can meet the demanding requirements of a busy law practice.

Concerns about security and privacy have, until recently, delayed the migration of legal professionals to the Cloud. Legal professionals operate in a “zero-fail” environment where the security and confidentiality of client data are paramount, and any sort of breach is intolerable. As many firms have experienced, providing this security themselves is becoming increasingly cost-prohibitive, with new types of threat being discovered all the time. When a law office chooses to embrace a cloud-based practice management solution, that solution needs to offer security that’s superior to what the office already has in place, and instill the confidence that it will stay secure in the future.

Here is a look at some of the key security features and their underlying technologies that law offices should look for when considering a provider.

Multi-Layered Security

The ability to access a cloud-based service anytime, anywhere, is certainly a key benefit. This convenience should be paired with a layered security framework that’s quietly chugging away in the background.

There are three main security layers to consider.

  1. How does your law firm access the service?
  2. How is data securely transmitted from your computer to the Cloud?
  3. How and where is your information stored and protected?

Let’s take a look at each in detail.

Knock, knock. Who’s there?

The identity and access management security layer is pivotal to modern cloud applications and is concerned with authentication and authorization. Put another way, this layer requires you to prove to the application that you are who you say you are, so it will let you in.

A highly secure platform should require multiple matching identifiers to ensure only the authorized person is able to log in to their account. For example, a service might require a matching account ID, unique user ID, and a robust password.

An excellent tool at the authentication stage that service providers should include is Two-Step Verification. Two-Step Verification (also called Two-Factor Authentication or 2FA) is exactly what it sounds like. It’s a second step in verifying who you are. When you log into a program with 2FA for the first time (or you log in from a new computer or reset a forgotten password), it will text you a short code to enter to prove that it’s you. That’s it. One of the best parts is that with 2FA, you don’t need to remember the answer to obscure personal questions. It’s an extra layer of security that quickly lets the program know you are an authorized user and lets you safely get to work.

2FA is an excellent defence mechanism against phishing attacks. Even if your account ID, user ID, and password are stolen, a time-limited 2FA code sent to your phone won’t be accessible to the attacker, which prevents them from accessing your account. Plus, it will alert you to the fact that someone else has tried to use your information so that you can change your password to prevent future attempts.

What’s encryption, and why does it matter?

Safely transmitting information from your browser to the service and back again is paramount. To make sure your client and firm data cannot be read while in transit to and from the Cloud, best practice is to use bank-grade encryption.

Like the Cloud, the term “encryption” gets bandied about increasingly often, but its significance isn’t always well understood. However, it should be, as encryption is a fundamental building block of modern secure communications. At its most basic, encryption ensures that only the intended recipient of a piece of information can view it. When people talk about encryption, they are really talking about a mathematical technique that turns information into unreadable code (AKA encrypted data). That encrypted data can only be read when it’s decoded (AKA decrypted) by the intended recipient.

So, why is this important? For any data that travels across the Internet, there is no guarantee that a third party or bad actor won’t try to intercept it. But if data is encrypted, it adds a layer of protection to that information during transmission because it will be unreadable by the third party.

Your Data Should be Locked up Tight

One of the many benefits to using a cloud-based application is that the provider manages updates to malware and virus protections for you. Many services also take care of backing up your data securely. Important questions to ask at this stage are: where is your data saved and how exactly is it protected?

Most cloud-based platforms are hosted in a data centre equipped with servers that deliver the service to customers over the Cloud. When you log into the program via your browser, you are connecting to those servers. While many companies rent servers from a third party, you can ensure the highest security standards by choosing a provider who securely hosts your data on servers they own, operate, and maintain. This also ensures that the servers are entirely dedicated to delivering the service you rely on, and nothing else.

It is also beneficial to use a service that keeps its servers in Canada so that your data stays within the country at all times. This means you don’t need to worry about your business-critical information being located outside the country and potentially subject to the laws of another jurisdiction. You should also check any service provider’s terms and conditions to ensure that you retain 100% ownership of your data at all times.

Physical access to the cloud servers that host a service should be tightly controlled. They should be located in a high-security location (that has all the cameras and 24/7 monitoring you would expect) with extensive environmental controls to keep things running no matter what might happen (such as power outages or natural disasters). Your precious data should always be safe and secure.

A Commitment to Data Security

The security of cloud-based apps, like any other technology solution, is underpinned by the ongoing commitment to security of the company that provides them. At DoProcess we take seriously our responsibility to ensure all mission-critical systems are protected against threats. The protection of your firm and client data is our primary concern. We have a dedicated security operations team overseeing the security of all applications, and everything must adhere to our stringent corporate security policies.

Unity is the epitome of this commitment and follows all of the best practices outlined above. From robust access protocols to bank-grade encryption technologies and extensive physical data security, Unity protects your precious data end-to-end. You can find more information about Unity’s security features here.

DoProcess was a proud sponsor of the Legal Technology Trends webinar. Click here for the on-demand program.